Cyber Security News & Trends – 04-26-19
This week, SonicWall’s recent PDF and Office cyberattack findings back up investigative reporting, a “secure” WhatsApp replacement is anything but, and vulnerabilities in the Internet of Things continue to create headlines.
SonicWall Spotlight
The Growing Partnership Between Russia’s Government and Cybercriminals – 60 Minutes
- In a new investigative report, CBS examines evidence of increasingly blurred lines between Russia intelligence agencies and the criminal exploits of notorious cybercriminals like Evgeniy Bogachev, better known as the hacker “slavik” and “lucky12345”. The report further supports SonicWall’s recent findings of escalating PDF and Office document-based attacks likely originating from Russia.
Cyber Threat Report: Over 10 Billion Attacks of Various Types Recorded in 2018 – Business Review
- Business Review reflect on the figures from the 2019 SonicWall Cyber Threat Report and the recently revealed data on the rise of dangerous PDF files.
PDF: The Vehicle of Choice for Malware and Fraud – HelpNet Security
- Help Net Security reports on the rise in PDF cybercrime campaigns. Additional coverage this week can found in OODA Loop, MeriTalk, Ciso Magazine and NextGov.
Cyber Security News
How Nest, Designed to Keep Intruders out of People’s Homes, Effectively Allowed Hackers to Get In – Washington Post
- Internet connected devices, like Google’s Nest family, struggle striking the right balance between making devices very secure and making them easy to use. If too much friction is put in place for security reasons, then brands risks turning potential users off.
FBI: Cybercriminals Set New Record in 2018 by Causing More Than $2.7 Billion in Reported Losses – Washington Times
- The FBI’s Internet Crime Complaint Center have released their annual report, detailing an almost doubling of financial losses caused by cybercrime in 2018.
Bug in French Government’s WhatsApp Replacement Let Anyone Join ÉLysée Chats – Ars Technica
- A “secure” messaging app launched by the French government was hacked almost immediately upon release.
An Inside Look at How Credential Stuffing Operations Work – ZDNet
- ZDNet dig deep into the world of cybercrime to explain how credential stuffing works, detailing both the tools and methods used, but also its place in the criminal economy.
Unauthorized Party Muscles Its Way Into Bodybuilding.Com’s Systems – SC Magazine
- Bodybuilding.com revealed that it suffered a data breach in February 2019 leaving exposed a trove of data, including the real names, email addresses, physical addresses and phone numbers. Stored financial information beyond partial card numbers was not exposed.
Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps – Motherboard
- A hacker broke into the accounts of thousands of GPS trackers and claims that “with one touch, I can stop these vehicles engines.” He says that he has carried out this hack to raise awareness of the poor security on the GPS apps.
Cybersecurity: UK Could Build an Automatic National Defence System, Says GCHQ Chief – ZDNet
- Following a recent UK cybersecurity survey suggesting that only 15% of people say they know how to protect themselves online, the head of the GCHQ in the UK has called for cybersecurity responsibility not to be dependent on individuals but shared by governments, ISPs and businesses.
In Case You Missed It
- What to Look for in a CASB Solution – Ganesh Umapathy
- New PDF Fraud Campaign Spotlights Shifting Cybercriminal Phishing Tactics – Dmitriy Ayrapetov
- Stopping PDF Attacks: 5 Ways Users & Organizations Can Work Together – Brook Chelmo
- ‘Chase & Capture’: The Chertoff Group Hosts SonicWall CEO Bill Conner on Latest Podcast – Geoff Blaine
- RTDMI Evolving with Machine Learning to Stop ‘Never-Before-Seen’ Cyberattacks – Brook Chelmo